Publishers of play-to-earn video games based on the WonderHero blockchain were forced to temporarily disable all their services, as the cost of its tokens dropped dramatically after an unknown hacker minted the game tokens and was able to withdraw about $ 300 thousand.
Representatives of WonderHero confirmed the fact of a cyberattack on their cross-chain bridge, which allows you to transfer cryptocurrency on one blockchain to another. The attacker managed to get a signature and minted 80 million WND (cryptocurrency of the game).
According to CoinMarketCap, after the cyberattack, the value of the WonderHero token (WND) decreased by about 50%.
WonderHero is an anime–inspired mobile RPG game set in the future. The earth is polluted by the waste of nuclear war, and the last human civilization moves to live on a huge space station. Players collect characters, weapons and items – and it’s all NFT. To upgrade characters, players must buy or earn WND cryptocurrency.
The attack occurred just a week after hackers managed to steal more than $600 million in cryptocurrency from the cross-chain bridge of another play-to-earn game, Axie Infinity. With the help of hacked private keys, the attackers forged the withdrawal of funds. They exploited a bridge in the Ronin blockchain network interacting with Axie Infinity based on Ethereum, seizing control of the majority node of its validator, which verifies and approves transactions.
As explained by ZenGo information security expert Tal Be’ery, most likely, hackers were able to gain access to the WonderHero private key, which allowed them to mint new tokens. It is impossible to determine how the attackers got the private key, but there is no doubt that they got it, Beeri assured.
“How do we know that the private key was stolen? In order to add someone as a “minter”, you need a private key to sign the corresponding transaction,” the expert explained to Motherboard.